CN111898151B - Data transmission assisting method, system, terminal device and storage medium - Google Patents

Data transmission assisting method, system, terminal device and storage medium

Info

Publication number
CN111898151B
Authority
CN
China
Prior art keywords
data transmission
auxiliary system
server
transmission auxiliary
data packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010843084.0A
Other languages
Chinese (zh)
Other versions
CN111898151A (en)
Inventor
于海龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiede China Technology Co ltd
Original Assignee
Jiede China Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiede China Technology Co ltd
Priority to CN202010843084.0A
Publication of CN111898151A
Application granted
Publication of CN111898151B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Abstract

The application provides a data transmission assisting method, system, terminal device and storage medium. The system, which is used for connecting a security chip (SE), comprises a transmission control module, an operation module and a storage module. The transmission control module is connected to the SE and transfers data between an external device and the SE based on a preset communication rule; the operation module is connected to the transmission control module and processes the data transferred by the transmission control module; the storage module is connected to the transmission control module and stores the data transferred by the transmission control module. Unlike the prior art, in which the host device directly processes the communication data between the SE and external devices, the scheme of the application provides a data transmission auxiliary system through which external devices can communicate with the SE, so the communication mode is no longer limited by the working mode of the host device, which improves the adaptability of the SE.

Description

Data transmission assisting method, system, terminal device and storage medium
Technical Field
The present disclosure relates to the Internet of Things, and in particular to a data transmission assisting method, system, terminal device and storage medium.
Background
A Secure Element (SE) is a chip used in Internet of Things terminals to improve data security. An SE consists of two parts, secure hardware and secure software: the secure hardware comprises a secure execution environment, secure storage, secure algorithms, a secure interface and the like; the secure software provides a secure interaction mechanism that protects the commands and data exchanged between the SE and the host computer. Based on the SE's secure processing, secure computation and secure storage functions, device identity authentication, encrypted data transmission, protection of sensitive information and similar functions can be implemented.
The secure interaction mechanism of the SE also causes some drawbacks to the data transmission process of the SE. For example, an SE is a single-threaded communication endpoint, and its host terminal mostly adopts a multi-threaded processor, which limits the use range and working efficiency of the SE.
Disclosure of Invention
The application provides a data transmission auxiliary method, a data transmission auxiliary system, terminal equipment and a storage medium, which can improve the adaptability of SE without changing SE and a host terminal.
In a first aspect, the present application provides a data transmission auxiliary system for connecting a security chip (SE), the system comprising a transmission control module, an operation module and a storage module. The transmission control module is connected to the SE and transfers data between an external device and the SE based on a preset communication rule; the operation module is connected to the transmission control module and processes the data transferred by the transmission control module; the storage module is connected to the transmission control module and stores the data transferred by the transmission control module.
Optionally, the system further comprises an interface conversion module. The interface conversion module is connected to the transmission control module and is used for connecting to the host device of the SE, so as to realize direct data transmission between the SE and the host device.
Optionally, the system further comprises a power module. The power module provides a stable voltage for the data transmission auxiliary system and the SE.
Optionally, the power module includes a power supply module and a voltage stabilizing module. The power supply module is connected to the voltage stabilizing module and supplies power; the voltage stabilizing module converts the voltage provided by the power supply module into a stable voltage.
In a second aspect, the present application provides a data transmission assisting method, which is applied to the data transmission assisting system in the first aspect, and includes: receiving a data packet sent by a server through a secure channel; receiving a key of a temporary secure channel sent by a server through the secure channel; and transmitting the data packet to the SE through the temporary secure channel by utilizing the key of the temporary secure channel.
Optionally, receiving the data packet sent by the server through the secure channel includes: if an interruption occurs while receiving the data packet sent by the server through the secure channel, recording a breakpoint; sending the breakpoint to the server, so that the server continues to send the data packet from the breakpoint; and receiving the data packet that the server continues to send from the breakpoint.
Optionally, the data packet includes an application update data packet. The method further comprises: receiving, through the secure channel, application version information corresponding to the application update data packet sent by the server; acquiring the application version information in the SE; determining, according to the application version information corresponding to the application update data packet and the application version information in the SE, whether the application update data packet needs to be received; and if it is determined that the application update data packet is to be received, sending an update request to the server so that the server sends the application update data packet through the secure channel.
In a third aspect, the present application provides a data transmission assisting method, applied to a server, including: establishing a secure channel with the data transmission auxiliary system; sending a data packet to the data transmission auxiliary system through the secure channel; establishing a temporary secure channel between the data transmission auxiliary system and the SE; and sending a key of the temporary secure channel to the data transmission auxiliary system through the secure channel, so that the data transmission auxiliary system sends the data packet to the SE through the temporary secure channel by using the key of the temporary secure channel.
Optionally, the sending the data packet to the data transmission auxiliary system through the secure channel includes: receiving a breakpoint sent by a data transmission auxiliary system, wherein the breakpoint is recorded when the data transmission auxiliary system is interrupted in the process of receiving a data packet sent by a server through a secure channel; and continuing to send the data packet according to the breakpoint.
Optionally, the data packet includes an application update data packet. The method further comprises: sending application version information corresponding to the application update data packet to the data transmission auxiliary system through the secure channel, so that the data transmission auxiliary system determines, according to the application version information corresponding to the application update data packet and the application version information in the SE, whether the application update data packet needs to be received; and receiving an update request sent by the data transmission auxiliary system, wherein the update request is sent to the server by the data transmission auxiliary system when it determines to receive the application update data packet.
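The version check and breakpoint resume of the second and third aspects, as an added Python example that is not part of the patent. The `Server` and `AuxSystem` classes, the chunk size, the "offered version is newer" comparison and the SHA-256 check on the reassembled packet are assumptions of this example; the secure channel itself is not modelled.

```python
import hashlib

CHUNK = 8  # constructed chunk size, small so the demo needs several chunks


class LinkInterrupted(Exception):
    """Raised when the channel drops in the middle of a transfer."""


class Server:
    def __init__(self, version, package):
        self.version = version      # e.g. (1, 3, 0)
        self.package = package      # application update data packet

    def offer(self):
        # Version information sent ahead of the packet. The size and digest
        # fields are assumptions added so the receiver can verify the result.
        return {"version": self.version,
                "size": len(self.package),
                "sha256": hashlib.sha256(self.package).hexdigest()}

    def send_from(self, breakpoint):
        # Continue sending from the offset reported by the auxiliary system.
        if not 0 <= breakpoint <= len(self.package):
            raise ValueError("breakpoint outside package")
        for off in range(breakpoint, len(self.package), CHUNK):
            yield off, self.package[off:off + CHUNK]


class AuxSystem:
    def __init__(self, se_version):
        self.se_version = se_version    # application version read from the SE
        self.buffer = bytearray()       # storage module
        self.breakpoint = 0             # bytes safely stored so far

    def needs_update(self, offer):
        # Assumption: an update is needed only if the offered version is newer.
        return tuple(offer["version"]) > tuple(self.se_version)

    def receive(self, server, drop_at=None):
        for off, chunk in server.send_from(self.breakpoint):
            if drop_at is not None and off >= drop_at:
                # Simulated interruption; self.breakpoint already holds the
                # offset of the last byte stored.
                raise LinkInterrupted(off)
            if off != self.breakpoint:
                raise ValueError("chunk does not start at the breakpoint")
            self.buffer += chunk
            self.breakpoint = len(self.buffer)


def run_update(server, aux, drops=()):
    """Return (packet, number_of_resumes), or (None, 0) if no update is needed."""
    offer = server.offer()
    if not aux.needs_update(offer):
        return None, 0
    resumes, pending = 0, list(drops)
    while aux.breakpoint < offer["size"]:
        try:
            aux.receive(server, drop_at=pending.pop(0) if pending else None)
        except LinkInterrupted:
            resumes += 1    # report the breakpoint and ask the server to continue
    # A resumed transfer is stitched from several sessions, so check the whole.
    if hashlib.sha256(aux.buffer).hexdigest() != offer["sha256"]:
        raise ValueError("reassembled packet failed the integrity check")
    return bytes(aux.buffer), resumes


if __name__ == "__main__":
    packet = bytes(range(40))                     # constructed sample packet
    data, resumes = run_update(Server((1, 3, 0), packet),
                               AuxSystem((1, 2, 9)), drops=(16, 32))
    print(len(data), "bytes received after", resumes, "resumes")
```
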
In a fourth aspect, the present application provides a data transmission assisting method applied to the data transmission auxiliary system according to the first aspect, including: receiving a smart card instruction set sent by an access terminal, wherein the smart card instruction set comprises N instructions and N is an integer greater than 0; disassembling the N instructions from the smart card instruction set according to a preset sequence; sending the N instructions to the SE one by one according to the preset sequence; receiving the SE's responses to the N instructions one by one according to the preset sequence, wherein the (n+1)th instruction is sent after the SE's response to the nth instruction is received, n being an integer greater than 0 and less than N; and feeding back the responses to the N instructions to the access terminal.
In a fifth aspect, the present application provides a data transmission assisting method, applied to an access terminal, including: sending a smart card instruction set to a data transmission auxiliary system, wherein the smart card instruction set comprises N instructions and N is an integer greater than 0, so that the data transmission auxiliary system sends the N instructions to the SE one by one according to a preset sequence; and receiving the responses to the N instructions sent by the data transmission auxiliary system, wherein the responses to the N instructions are the SE's responses to the N instructions.
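The instruction-set handling of the fourth and fifth aspects, as an added Python example that is not part of the patent. The 2-byte length-prefixed framing, the `FakeSE` and `AuxDispatcher` classes, the sample APDUs and the choice to hold a lock for a whole set (so sets from different access terminals never interleave) are assumptions of this example.

```python
import struct
import threading
import time


def pack_instruction_set(apdus):
    # Assumed framing: each instruction is prefixed by a 2-byte big-endian length.
    return b"".join(struct.pack(">H", len(a)) + a for a in apdus)


def unpack_instruction_set(blob):
    """Disassemble the N instructions in the order they were packed."""
    apdus, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        if n == 0 or pos + n > len(blob):
            raise ValueError("truncated or empty instruction")
        apdus.append(blob[pos:pos + n])
        pos += n
    return apdus


class FakeSE:
    """Stand-in for a single-threaded SE: counts commands that arrive while
    another command is still being processed."""

    def __init__(self):
        self._busy = False
        self.overlaps = 0
        self.log = []

    def transmit(self, apdu):
        if self._busy:
            self.overlaps += 1
        self._busy = True
        time.sleep(0.001)               # simulated processing time
        self.log.append(apdu)
        self._busy = False
        return apdu[1:2] + b"\x90\x00"  # echo INS, then status word 9000


class AuxDispatcher:
    def __init__(self, se):
        self._se = se
        self._lock = threading.Lock()

    def handle(self, instruction_set):
        apdus = unpack_instruction_set(instruction_set)
        responses = []
        with self._lock:
            for apdu in apdus:
                # transmit() returns only once the SE has answered instruction
                # n, so instruction n+1 is never sent before that response.
                responses.append(self._se.transmit(apdu))
        return responses


def run_demo(terminals=4, per_set=3):
    se = FakeSE()
    aux = AuxDispatcher(se)
    results = {}

    def terminal(tid):
        # Constructed 4-byte APDUs: CLA=0x80, INS=1..per_set, P1=0, P2=terminal id.
        apdus = [bytes([0x80, ins, 0x00, tid]) for ins in range(1, per_set + 1)]
        results[tid] = aux.handle(pack_instruction_set(apdus))

    threads = [threading.Thread(target=terminal, args=(t,)) for t in range(terminals)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results, se


if __name__ == "__main__":
    results, se = run_demo()
    print("overlapping commands seen by the SE:", se.overlaps)
```
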
In a sixth aspect, the present application provides a data transmission assisting apparatus, including a receiving module and a sending module. The receiving module is used for receiving the data packet sent by the server through the secure channel, and for receiving the key of the temporary secure channel sent by the server through the secure channel. The sending module is configured to send the data packet to the SE through the temporary secure channel by using the key of the temporary secure channel.
Optionally, when receiving the data packet sent by the server through the secure channel, the receiving module is specifically configured to: record a breakpoint if an interruption occurs while receiving the data packet sent by the server through the secure channel. The sending module is further configured to send the breakpoint to the server, so that the server continues to send the data packet from the breakpoint. The receiving module is further configured to receive the data packet that the server continues to send from the breakpoint.
Optionally, the data packet includes an application update data packet. The receiving module is further configured to: receive, through the secure channel, application version information corresponding to the application update data packet sent by the server; and acquire the application version information in the SE. The apparatus further comprises a determining module, which is used for determining, according to the application version information corresponding to the application update data packet and the application version information in the SE, whether the application update data packet needs to be received. The sending module is further used for sending an update request to the server when the determining module determines that the application update data packet is to be received, so that the server sends the application update data packet through the secure channel.
In a seventh aspect, the present application provides a server, comprising an establishing module and a transmission module. The establishing module is used for establishing a secure channel with the data transmission auxiliary system, and for establishing a temporary secure channel between the data transmission auxiliary system and the SE. The transmission module is used for sending the data packet to the data transmission auxiliary system through the secure channel, and for sending a key of the temporary secure channel to the data transmission auxiliary system through the secure channel, so that the data transmission auxiliary system sends the data packet to the SE through the temporary secure channel by using the key of the temporary secure channel.
Optionally, when the transmission module sends the data packet to the data transmission auxiliary system through the secure channel, the transmission module is specifically configured to: receiving a breakpoint sent by a data transmission auxiliary system, wherein the breakpoint is recorded when the data transmission auxiliary system is interrupted in the process of receiving a data packet sent by a server through a secure channel; and continuing to send the data packet according to the breakpoint.
Optionally, the data packet includes an application update data packet. The transmission module is further configured to: send application version information corresponding to the application update data packet to the data transmission auxiliary system through the secure channel, so that the data transmission auxiliary system determines, according to the application version information corresponding to the application update data packet and the application version information in the SE, whether the application update data packet needs to be received; and receive an update request sent by the data transmission auxiliary system, wherein the update request is sent to the server by the data transmission auxiliary system when it determines to receive the application update data packet.
In an eighth aspect, the present application provides a data transmission assisting apparatus, including a receiving module, a disassembling module and a sending module. The receiving module is used for receiving a smart card instruction set sent by the access terminal, wherein the smart card instruction set comprises N instructions and N is an integer greater than 0; the disassembling module is used for disassembling the N instructions from the smart card instruction set according to a preset sequence; the sending module is used for sending the N instructions to the SE one by one according to the preset sequence; the receiving module is also used for receiving the SE's responses to the N instructions one by one according to the preset sequence, wherein the (n+1)th instruction is sent after the SE's response to the nth instruction is received, n being an integer greater than 0 and less than N; the sending module is further configured to feed back the responses to the N instructions to the access terminal.
In a ninth aspect, the present application provides an access terminal, including: a transmitting module and a receiving module. The sending module is used for sending a smart card instruction set to the data transmission auxiliary system, wherein the smart card instruction set comprises N instructions, N is an integer greater than 0, so that the data transmission auxiliary system sends the N instructions to SE one by one according to a preset sequence; the receiving module is used for receiving responses of N instructions sent by the data transmission auxiliary system, wherein the responses of the N instructions are responses of SE to the N instructions.
In a tenth aspect, the present application provides a terminal device, including an SE and the data transmission auxiliary system according to the first aspect.
In an eleventh aspect, the present application provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the method according to the second aspect.
In a twelfth aspect, the present application provides a program product comprising a computer program stored in a readable storage medium, from which the computer program can be read by a processor of an electronic device, the processor executing the computer program causing the electronic device to carry out the method according to the second aspect.
In a thirteenth aspect, the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method according to the third aspect.
In a fourteenth aspect, the present application provides a program product comprising a computer program stored in a readable storage medium, from which the computer program can be read by a processor of an electronic device, the processor executing the computer program causing the electronic device to carry out the method according to the third aspect.
In a fifteenth aspect, the present application provides a computer readable storage medium storing a computer program which, when executed by a processor, implements a method as described in the fourth aspect.
In a sixteenth aspect, the present application provides a program product comprising a computer program stored in a readable storage medium, from which the computer program can be read by a processor of an electronic device, the processor executing the computer program causing the electronic device to carry out the method according to the fourth aspect.
In a seventeenth aspect, the present application provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the method according to the fifth aspect.
In an eighteenth aspect, the present application provides a program product comprising a computer program stored in a readable storage medium, from which the computer program can be read by a processor of an electronic device, the processor executing the computer program causing the electronic device to carry out the method according to the fifth aspect.
The application provides a data transmission assisting method, system, terminal device and storage medium. The system, which is used for connecting a security chip (SE), comprises a transmission control module, an operation module and a storage module. The transmission control module is connected to the SE and transfers data between an external device and the SE based on a preset communication rule; the operation module is connected to the transmission control module and processes the data transferred by the transmission control module; the storage module is connected to the transmission control module and stores the data transferred by the transmission control module. Unlike the prior art, in which the host device directly processes the communication data between the SE and external devices, the scheme of the application provides a data transmission auxiliary system through which external devices can communicate with the SE, so the communication mode is no longer limited by the working mode of the host device, which improves the adaptability of the SE.
Drawings
For a clearer description of the technical solutions of the present application or of the prior art, the drawings that are used in the description of the embodiments or of the prior art will be briefly described, it being obvious that the drawings in the description below are some embodiments of the present application, and that other drawings can be obtained from these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an application scenario provided in the present application;
Fig. 2 is a schematic structural diagram of a data transmission auxiliary system according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of another data transmission auxiliary system according to an embodiment of the present application;
Fig. 4 is a flowchart of a data transmission assisting method according to an embodiment of the present application;
Fig. 5 is a flowchart of another data transmission assisting method according to an embodiment of the present application;
Fig. 6 is a flowchart of another data transmission assisting method according to an embodiment of the present application;
Fig. 7 is a flowchart of another data transmission assisting method according to an embodiment of the present application;
Fig. 8 is a flowchart of another data transmission assisting method according to an embodiment of the present application;
Fig. 9 is a flowchart of another data transmission assisting method according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of a data transmission assisting apparatus according to an embodiment of the present application;
Fig. 11 is a schematic diagram of a server according to an embodiment of the present disclosure;
Fig. 12 is a schematic structural diagram of another data transmission assisting apparatus according to an embodiment of the present disclosure;
Fig. 13 is a schematic structural diagram of an access terminal according to an embodiment of the present application;
Fig. 14 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the present application will be clearly and completely described below with reference to the drawings in the present application, and it is apparent that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
With the rapid development of the Internet of Things, its security problems have become increasingly prominent. Internet of Things security has become an important foundation for the development of the Internet of Things industry. The security requirements of the Internet of Things mainly cover the following four aspects: 1. a unique device identifier; 2. mutual identity authentication between the device and the cloud; 3. encrypted data transmission; 4. secure remote OTA upgrade, etc.
The SE provides exactly such a secure root of trust for Internet of Things device operators. The operator provisions the device ID number, certificate keys and the like in the SE and, combined with a security cloud, forms a complete Internet of Things security scheme that achieves reliable identity authentication, reliable communication encryption, data tamper resistance and non-repudiation, safeguarding the operator's business development.
The SE has been widely used in many fields, such as smart household appliances, smart meters, smart locks and the Internet of Vehicles, and a wealth of Internet of Things security application experience has been accumulated.
Through successive upgrades, the eSE, with smaller size and lower power consumption, has also become available.
However, some of the SE's own characteristics keep it from fitting all kinds of Internet of Things terminals well. For example, the SE provides an ISO-7816 standard interface, while Internet of Things terminals use a wide variety of interfaces, so at least one adaptation scheme has to be integrated before the SE can be integrated, which limits the applicability of the SE. In addition, the SE is sensitive to power supply conditions: when the external power supply is unstable, or frequent power failures or overloads occur, the SE can suffer unpredictable and irreversible damage. Internet of Things terminals often work under unstable voltage, which also shortens the service life of the SE. Furthermore, the SE follows the constraints of the secure channel protocol defined by the GlobalPlatform Card Specification (GPC): once the secure channel communication process is interrupted for any reason, the channel can only be re-established. Under this mechanism, and under the influence of various factors, the probability of data transmission failure is relatively high.
Therefore, the application proposes a data transmission auxiliary method, a system, a terminal device and a storage medium, so as to make up for the deficiency of SE as much as possible. And through the cooperation of the data transmission auxiliary system and the SE, the adaptability of the SE is improved.
Fig. 1 is a schematic diagram of an application scenario provided in the present application. As shown in fig. 1, an SE and a data transmission auxiliary system connected with the SE are disposed in an internet of things terminal. When an external device, such as a server or other access devices, accesses the internet of things terminal, in order to ensure the security of the data, the external device performs security authentication through the SE. And data transmission is carried out between the external equipment and the SE through a data transmission auxiliary system. It should be noted that "SE" as used herein refers broadly to various types of SE products, including eSE. For a specific data transmission procedure, reference may be made to the following embodiments.
Fig. 2 is a schematic structural diagram of a data transmission auxiliary system according to an embodiment of the present application, and as shown in fig. 2, the data transmission auxiliary system of the present embodiment may include: a transmission control module 201, an operation module 202 and a storage module 203.
The transmission control module 201 is connected with the SE and is used for transmitting data between the external device and the SE based on a preset communication rule; the operation module 202 is connected with the transmission control module 201, and is used for processing the data transmitted by the transmission control module 201; the storage module 203 is connected to the transmission control module 201, and is used for storing the data transmitted by the transmission control module 201.
The data transmission auxiliary system provided in this embodiment is used for connecting the security chip (SE) and assisting the SE in transferring data to and from external devices. The data transmission auxiliary system includes a transmission control module, an operation module and a storage module. The transmission control module is connected to the SE and transfers data between an external device and the SE based on a preset communication rule; the operation module is connected to the transmission control module and processes the data transferred by the transmission control module; the storage module is connected to the transmission control module and stores the data transferred by the transmission control module. Unlike the prior art, in which the host device directly processes the communication data between the SE and external devices, the scheme of the application provides a data transmission auxiliary system through which external devices can communicate with the SE, so the communication mode is no longer limited by the working mode of the host device, which improves the data transmission efficiency and adaptability of the SE.
The term "external device" in the present application refers to devices other than the host device, and includes a server and an access terminal described below.
At present, Internet of Things terminals use various interfaces, such as SPI, I2C, CAN and LIN, whereas the interface of the SE is typically an ISO-7816 interface. In the prior art, connecting an SE to an Internet of Things terminal requires custom interface development on the SE, and the adaptability of a custom-developed SE is limited. In the present application, an interface conversion module can be added to the data transmission auxiliary system to convert between the SE interface and the various Internet of Things terminal interfaces, so that the SE can be adapted to various Internet of Things terminals.
Specifically, the data transmission auxiliary system may further include an interface conversion module. The interface conversion module is connected to the transmission control module and is used for connecting to the host device of the SE, so as to realize direct data transmission between the SE and the host device.
Specifically, the interface conversion module may implement conversion between the SE interface and at least one terminal interface of the internet of things, for example, one or more of an SPI interface, an I2C interface, an ISO7816 interface, a CAN interface, and the like.
Through the interface conversion module provided by the data transmission auxiliary system, the SE can be connected with the terminals of the Internet of things with various interfaces, and the adaptability of the SE is improved.
The SE is a component that is vulnerable to power conditions: it has threshold requirements on its external power supply, and a supply voltage that exceeds the threshold, or frequent power-off, can cause unpredictable and irreversible damage to the SE. However, most application scenarios of Internet of things devices involve relatively unstable voltage. In the present application, a power module may therefore be incorporated into the data transmission auxiliary system to power the SE separately.
Specifically, the data transmission auxiliary system may further include a power module. The power module is used for providing stable voltage for the data transmission auxiliary system and the SE.
As used herein, "stable voltage" means that the voltage value is stable within a certain threshold range. This stable voltage is a voltage that can make SE work normally.
Because the SE is independently powered through the power module, it is not affected by voltage changes of the Internet of things terminal, so that its service life is prolonged to a certain extent.
In order to stabilize the voltage within a certain range, in some embodiments, the power module may include: a power supply module and a voltage stabilizing module. The power supply module is connected with the voltage stabilizing module and is used for supplying power; the voltage stabilizing module is used for converting the voltage provided by the power supply module into stable voltage.
Since SE is a low power consumption component, the power supply module may use a power supply unit with a smaller size, such as a button cell.
In some embodiments, the power module may further include a charging module, which is used for charging the power supply module.
Fig. 3 is a schematic structural diagram of a data transmission auxiliary system according to an embodiment of the present application. As shown in fig. 3, the system of the present embodiment may include: an interface conversion module 301, a transmission control module 302, a storage module 303, an operation module 304, a charging module 305, a power supply module 306 and a voltage stabilizing module 307.
The interface conversion module 301 is connected to the charging module 305 and the transmission control module 302, respectively. The interface conversion module 301 is configured to connect to the host terminal of the SE, convert the power supply interface in the external interface of the host terminal into an input interface usable by the charging module 305, and input external electric power into the charging module 305. Meanwhile, the interface conversion module 301 converts the communication interface in the external interface of the host terminal into an interface available to the transmission control module 302, so as to perform bidirectional transmission of data information between the host terminal and the SE.
The power supply module 306 is connected to the charging module 305 and the voltage stabilizing module 307, respectively. The electric quantity input through the charging module 305 is stored in the power supply module 306, and is output to other modules after voltage adjustment through the voltage stabilizing module 307.
The voltage stabilizing module 307 is connected to the transmission control module 302, the storage module 303, the operation module 304, and the SE, respectively, and provides stable voltages to the transmission control module 302, the storage module 303, the operation module 304, and the SE.
The transmission control module 302 is connected to the storage module 303, the operation module 304 and the SE, respectively. Transmitting the data to the storage module 303 for storage or acquiring the data from the storage module 303; transmitting the data to the operation module 304 for calculation, or acquiring the calculated data from the operation module 304; transmitting data to the SE, or receiving data transmitted by the SE.
The external device can communicate with the SE by means of the data transmission auxiliary system provided by the embodiment, and the communication mode is not limited by the configuration and the working mode of the host device, so that the data transmission efficiency and the adaptability of the SE can be improved. Meanwhile, through the interface conversion module provided by the data transmission auxiliary system, the SE can be connected with the terminals of the Internet of things with various interfaces, and the adaptability of the SE is improved. In addition, the power module is used for independently providing stable voltage for the SE, the SE can be free from the influence of voltage change of the terminal of the Internet of things, and the service life of the SE is prolonged to a certain extent.
The above-mentioned "preset communication rule", i.e., specific communication manner based on the data transmission auxiliary system, can be referred to the following description of each embodiment.
Fig. 4 is a flowchart of a data transmission assisting method according to an embodiment of the present application. The execution body of the embodiment is the data transmission auxiliary system. As shown in fig. 4, the method of the present embodiment may include:
S401, receiving a data packet sent by the server through a secure channel.
The secure channel is a guarantee mechanism for realizing secure communication between an external entity of the SE and an internal SE application by using a key technology. The process of establishing the channel may complete the mutual authentication of the external entity and the SE. The established secure channel can carry out encryption protection, redundancy check and tamper-proof protection on the data transmitted therein. The protocols of the secure channel can be a secure channel protocol based on a symmetric key, a secure channel protocol based on an asymmetric key, an air interface secure channel protocol based on short message SMS, an air interface secure channel protocol based on HTTPS, and the like.
When the server needs to transmit data, it first establishes the secure channel connection and then transmits the data through the secure channel, so that the security of the data is ensured.
S402, receiving a key of the temporary secure channel sent by the server through the secure channel.
The temporary secure channel is established by the server for data transmission between the data transmission auxiliary system and the SE. When data transmission is needed, the server sends the key of the temporary secure channel to the data transmission auxiliary system through the secure channel.
S403, sending the data packet to the SE through the temporary secure channel by using the key of the temporary secure channel.
The key of the temporary security channel can realize authentication, and data transmission can be performed based on the temporary security channel after authentication is successful.
In the method of the embodiment, by establishing the temporary secure channel, secure communication between the data transmission auxiliary system and the SE can be realized.
In one particular implementation, the key of the temporary secure channel may be provisioned using the PUT KEY instruction defined in the GPC specification. The key version number (Key Version Number, KVN) used in the PUT KEY instruction and the state corresponding to the key are managed by the TSM system in the server. The data transmission auxiliary system keeps itself synchronized with the configuration definition of the TSM system by notification and pull. The TSM determines whether a key is newly added or modified according to the key state in its local record. After the temporary secure channel key is successfully generated, it can be issued to the data transmission auxiliary system, encrypted with a data encryption key (Data Encryption Key, DEK), over the secure channel established between the TSM and the data transmission auxiliary system. The data transmission auxiliary system then schedules the offline upgrade of the SE at a suitable time according to the busy/idle operating status of itself and of the SE. Since the secure channel is already established and the amount of data carried by the PUT KEY instruction itself is small, the dependence on network quality is limited.
To keep the applications and data of the SE up to date, the service provider needs to connect to the SE through a TSM server deployed in the cloud and establish a secure channel for remote updating of applications and data. The Secure Channel Protocol (SCP) defined by the Global Platform Card Specification (GPC) specifies that a secure channel communication process, once interrupted, can only be re-established. An application update is affected by the application package, network transmission and SE internal transmission, so the secure channel needs to be maintained for a long time and the probability of interruption is high. Once interrupted, the data must be retransmitted. As a result, the probability that a remote application upgrade succeeds is not high.
Thus, in some embodiments, receiving the data packet sent by the server through the secure channel in step S401 may specifically include: if an interruption occurs while receiving the data packet sent by the server through the secure channel, recording a breakpoint; sending the breakpoint to the server so that the server can continue sending the data packet from the breakpoint; and receiving the data packet that the server continues to send according to the breakpoint.
Therefore, the function of breakpoint continuous transmission can be realized between the server and the data transmission auxiliary system, and the data transmission efficiency between the server and the SE is improved. And the risk brought by network transmission abnormality is reduced, and the reliability of network upgrading and data updating is improved.
In some embodiments, the data packet includes an application update data packet. That is, the server sends to the SE a data packet used for updating an application. Correspondingly, the data transmission auxiliary method further comprises the following steps: receiving application version information corresponding to the application update data packet sent by the server through the secure channel; acquiring the application version information in the SE; determining whether the application update data packet needs to be received according to the application version information corresponding to the application update data packet and the application version information in the SE; and if it is determined that the application update data packet is to be received, sending an update request to the server so that the server sends the application update data packet through the secure channel.
By comparing the version information of the update package with the version information of the application in the SE, it may be determined whether an update of the application using the update package is required. If the version of the update package is different from the version of the application in the SE, the application update data package should be received; otherwise, the application update data packet is not received.
In some embodiments, the data transmission auxiliary system may also receive the application update reminder in advance, and then acquire version information of the application update package from the server.
Specifically, the function interface for notifying the SE to perform an application upgrade may be defined as updateplet (); when the application program invokes this interface, an application update reminder is sent to the data transmission auxiliary system.
Fig. 5 is a flowchart of a data transmission assisting method according to an embodiment of the present application. The execution body of the embodiment is a server. As shown in fig. 5, the method of the present embodiment may include:
S501, establishing a secure channel with a data transmission auxiliary system.
S502, sending the data packet to the data transmission auxiliary system through the secure channel.
S503, establishing a temporary secure channel between the data transmission auxiliary system and the SE.
S504, sending the key of the temporary secure channel to the data transmission auxiliary system through the secure channel, so that the data transmission auxiliary system sends the data packet to the SE through the temporary secure channel by using the key of the temporary secure channel.
Optionally, sending the data packet to the data transmission auxiliary system through the secure channel includes: receiving the breakpoint sent by the data transmission auxiliary system, the breakpoint being recorded by the data transmission auxiliary system when an interruption occurs while it is receiving the data packet sent by the server through the secure channel; and continuing to send the data packet according to the breakpoint.
Optionally, the data packet includes an application update data packet. The method further comprises the steps of: transmitting application version information corresponding to the application update data packet to the data transmission auxiliary system through the secure channel, so that the data transmission auxiliary system determines whether the application update data packet needs to be received according to the application version information corresponding to the application update data packet and the application version information in the SE; and receiving an update request sent by the data transmission auxiliary system, wherein the update request is sent to the server by the data transmission auxiliary system when the data transmission auxiliary system determines to receive the application update data packet.
The method of this embodiment is the peer-side counterpart of the method flow of the embodiment corresponding to fig. 4; for the specific implementation and technical effects, refer to the foregoing embodiments, which are not repeated here.
Fig. 6 is a flowchart of a data transmission assisting method according to an embodiment of the present application. The execution body of the embodiment is the data transmission auxiliary system, the SE and the server. As shown in fig. 6, the method of the present embodiment may include:
S601, the server sends an application upgrading notification to the data transmission auxiliary system. Correspondingly, the data transmission auxiliary system receives the application upgrading notification.
S602, the server establishes a secure channel with the data transmission auxiliary system.
S603, the server sends the latest application version number and the signature to the data transmission auxiliary system. Correspondingly, the data transmission auxiliary system receives the latest application version number and the signature.
S604, the data transmission auxiliary system acquires an application version number and a signature of the SE local.
S605, the data transmission auxiliary system judges whether the latest application version number and signature are consistent with the application version number and signature of the SE local.
S606, if the latest application version number and signature are inconsistent with the application version number and signature of the SE local, an update request is sent to the server. Accordingly, the server receives the update request.
S607, the server sends the application update data packet to the data transmission auxiliary system through the secure channel. Correspondingly, the data transmission auxiliary system receives the application update data packet.
S608, if interruption occurs, the data transmission auxiliary system records the breakpoint.
S609, the data transmission auxiliary system sends the breakpoint to the server. Accordingly, the server receives the breakpoint.
S610, the server reestablishes the secure channel and continues to send the data packet according to the breakpoint. Accordingly, the data transmission auxiliary system continues to receive the application update data packet.
S611, after the transmission is completed, the data transmission auxiliary system sends a transmission completion notification to the server. Accordingly, the server receives the transmission completion notification.
S612, the server establishes a temporary secure channel between the data transmission auxiliary system and the SE.
S613, the server sends the session key of the temporary secure channel to the data transmission auxiliary system. Accordingly, the data transmission auxiliary system receives the session key of the temporary secure channel.
S614, the data transmission auxiliary system sends the data packet to the SE through the temporary secure channel by using the key of the temporary secure channel.
S615, the data transmission auxiliary system feeds back an upgrading result to the server.
The above execution steps are only one implementation manner, and the execution sequence can be adjusted according to actual requirements.
The specific implementation manner and technical effects of each step in this embodiment may refer to the foregoing embodiments, and will not be described in detail.
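The version check and breakpoint handling of steps S603 to S611 can be exercised with a small simulation. This is an added example, not code from the patent: the class and function names are hypothetical, the "signature" is modelled as a SHA-256 digest of the package, and the final digest check on the reassembled package before it is handed to the SE is an added assumption.

```python
import hashlib
import hmac

CHUNK = 4  # bytes per frame; small so the constructed package spans several frames


def package_signature(package: bytes) -> bytes:
    """Assumption: the page's 'signature' is modelled as a SHA-256 digest."""
    return hashlib.sha256(package).digest()


class Server:
    """Hypothetical stand-in for the server side of S603, S607 and S610."""

    def __init__(self, version: str, signature: bytes, package: bytes) -> None:
        self.version, self.signature, self.package = version, signature, package

    def latest(self):
        return self.version, self.signature

    def send_from(self, resume_at: int, drop_after=None):
        """Yield (offset, data) frames starting at the reported breakpoint.

        drop_after simulates the secure channel failing after that many frames.
        """
        if not 0 <= resume_at <= len(self.package):
            raise ValueError("breakpoint lies outside the package")
        for sent, off in enumerate(range(resume_at, len(self.package), CHUNK)):
            if drop_after is not None and sent == drop_after:
                raise ConnectionError("secure channel interrupted")
            yield off, self.package[off:off + CHUNK]


class AuxiliarySystem:
    """Hypothetical stand-in for the data transmission auxiliary system."""

    def __init__(self, se_version: str, se_signature: bytes) -> None:
        self.se_version, self.se_signature = se_version, se_signature
        self.buffer = bytearray()  # what the storage module holds so far

    def needs_update(self, version: str, signature: bytes) -> bool:
        # S605: update only if version or signature differs from the SE-local one.
        same_sig = hmac.compare_digest(signature, self.se_signature)
        return not (version == self.se_version and same_sig)

    @property
    def breakpoint(self) -> int:
        # S608: the breakpoint is the number of bytes stored without a gap.
        return len(self.buffer)

    def receive(self, frames) -> bool:
        """Store frames; return False if the channel broke before the end."""
        try:
            for off, data in frames:
                if off != len(self.buffer):
                    raise ValueError("frame does not continue at the breakpoint")
                self.buffer += data
        except ConnectionError:
            return False
        return True


def run_update(server: Server, aux: AuxiliarySystem, drops=()):
    """Run S603 to S611; drops lists the frame count before each interruption."""
    version, signature = server.latest()
    if not aux.needs_update(version, signature):
        return "up-to-date", []
    reported, pending = [], list(drops)
    while True:
        drop = pending.pop(0) if pending else None
        if aux.receive(server.send_from(aux.breakpoint, drop)):
            break
        reported.append(aux.breakpoint)  # S609: breakpoint sent to the server
    # Added check: the reassembled package must match the announced signature.
    if not hmac.compare_digest(package_signature(bytes(aux.buffer)), signature):
        return "rejected", reported
    return "ready-for-SE", reported


# Constructed sample data, for illustration only.
OLD_PACKAGE = b"APPLET-v1-constructed-payload"
NEW_PACKAGE = b"APPLET-v2-constructed-payload"
```
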
Fig. 7 is a flowchart of another data transmission assistance method according to an embodiment of the present application. The execution body of the embodiment is the data transmission auxiliary system. As shown in fig. 7, the method of the present embodiment includes:
S701, receiving a smart card instruction set sent by an access terminal, wherein the smart card instruction set comprises N instructions.
Wherein N is an integer greater than 0.
An access terminal refers to a terminal device that accesses an SE.
S702, disassembling N instructions from the instruction set of the smart card according to a preset sequence.
The preset sequence may be the sequence of each instruction in the instruction set. Or, an execution order that is otherwise specified in the instruction set.
S703, according to a preset sequence, N instructions are sent to the SE one by one.
S704, receiving the responses of the SE to the N instructions one by one according to the preset sequence; and after receiving the response of the SE to the nth instruction, sending the (n+1)th instruction.
Wherein n is an integer greater than 0 and less than N.
Because the SE processes commands in a single thread, instructions are sent to the SE and its responses are received one at a time: instruction 1 is sent, the response to instruction 1 is received, then instruction 2 is sent, and so on until the response to the Nth instruction is received.
S705, feeding back the responses of the N instructions to the access terminal.
The data carrier with which the SE interacts is the application protocol data unit (Application Protocol Data Unit, APDU), and the SE is only a single-threaded communication endpoint. Thus, accesses to the SE are performed sequentially. That is, after the first APDU command is sent to the SE, the sender waits for the response to be returned and only then sends the next APDU command. In the prior art, for reasons of transmission efficiency, the accessing party sends a plurality of APDU commands in one data packet to the network peer where the SE is located. After the network peer where the SE is located receives the data packet, the APDU instructions are split out one by one in order. These APDU instructions are then sent sequentially to the SE, and after the response information of the SE has been collected, it is packed in order and returned to the accessing party. The network peer of the SE referred to here is the host terminal of the SE.
The main controller in the host terminal is a multi-threaded processor; even where it is a single-threaded processor, it is not dedicated to controlling the input/output dependency for the SE. Thus, to meet such data transmission requirements, a specific application program needs to be run in the SE's host terminal. Such applications, in turn, need to be custom developed for the configurations of the different host terminals, which makes this method cumbersome to implement. Moreover, such applications may still be limited by the computing and storage capabilities of their running environment.
By the method of the embodiment, the receiving and disassembling processes of the instruction set are realized in the data transmission auxiliary system. The instruction set does not have to reach the host terminal, i.e. the problem of thread conflicts is not considered anymore, and the application program does not have to be customized in the host terminal additionally. The data transmission process is further simplified, and the data transmission efficiency is improved.
In one particular implementation, an API interface may be provided in the data transmission auxiliary system, and an interface function sendrecvpdus(boolean isAtr, List<String> apdus) is defined. Here isAtr is a parameter indicating whether to reset the SE, and boolean is the data type of that parameter. If the isAtr parameter indicates that the SE needs to be reset, the data transmission auxiliary system also sends a reset instruction to the SE, and the disassembly and transmission are performed after the SE reset is confirmed. apdus is the APDU instruction set, and List<String> is the data type of that parameter. When a program calls this function, the API interface is invoked and the method of this embodiment is executed.
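The batch dispatch of steps S701 to S705 can be sketched as follows. This is an added example, not code from the patent: `send_recv_apdus`, `parse_apdu` and `SimulatedSE` are hypothetical names, the SE is a constructed stand-in that refuses a command while a response is still outstanding, and rejecting a malformed batch before anything reaches the SE is an added assumption.

```python
from typing import List


class SimulatedSE:
    """Constructed stand-in for an SE: one outstanding command at a time."""

    def __init__(self) -> None:
        self._pending = None
        self.selected = False
        self.log: List[str] = []  # order in which commands reached the SE

    def reset(self) -> None:
        self._pending = None
        self.selected = False
        self.log.append("RESET")

    def send(self, apdu: bytes) -> None:
        if self._pending is not None:
            raise RuntimeError("command sent before the previous response was read")
        self.log.append(apdu.hex().upper())
        self._pending = apdu

    def receive(self) -> bytes:
        if self._pending is None:
            raise RuntimeError("no command outstanding")
        apdu, self._pending = self._pending, None
        ins = apdu[1]
        if ins == 0xA4:                       # SELECT
            self.selected = True
            return bytes.fromhex("9000")
        if ins == 0xCA and self.selected:     # GET DATA, only after SELECT
            return bytes.fromhex("01029000")  # constructed data + status word
        return bytes.fromhex("6985")          # conditions of use not satisfied


def parse_apdu(hex_str: str) -> bytes:
    """Decode one hex-encoded command and check the 4-byte header is present."""
    try:
        raw = bytes.fromhex(hex_str)
    except ValueError as exc:
        raise ValueError(f"APDU is not valid hex: {hex_str!r}") from exc
    if len(raw) < 4:
        raise ValueError("APDU shorter than the CLA INS P1 P2 header")
    return raw


def send_recv_apdus(se: SimulatedSE, is_atr: bool, apdus: List[str]) -> List[str]:
    """Send N commands in list order, waiting for each response (S702 to S705)."""
    if not apdus:
        raise ValueError("the instruction set must contain N > 0 instructions")
    # Validate the whole batch first so a bad entry cannot leave the SE
    # with a half-executed sequence.
    commands = [parse_apdu(item) for item in apdus]
    if is_atr:
        se.reset()
    responses = []
    for command in commands:
        se.send(command)                               # instruction n
        responses.append(se.receive().hex().upper())   # response n, then n+1
    return responses


# Constructed batch: SELECT of a made-up AID, then GET DATA.
SAMPLE_BATCH = ["00A4040007F0010203040506", "00CA006600"]
```
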
Fig. 8 is a flowchart of another data transmission assistance method according to an embodiment of the present application. The execution subject of the present embodiment is an access terminal. As shown in fig. 8, the method of the present embodiment may include:
S801, a smart card instruction set is sent to a data transmission auxiliary system, so that the data transmission auxiliary system sends N instructions to SE one by one according to a preset sequence.
The smart card instruction set comprises N instructions, wherein N is an integer greater than 0.
S802, receiving the responses to the N instructions sent by the data transmission auxiliary system, wherein the responses to the N instructions are the responses of the SE to the N instructions.
The method of this embodiment is the peer-side counterpart of the method flow of the embodiment corresponding to fig. 7; for the specific implementation and technical effects, refer to the foregoing embodiments, which are not repeated here.
Fig. 9 is a flowchart of another data transmission assistance method according to an embodiment of the present application. The execution main body of the embodiment is the data transmission auxiliary system, the access terminal and the SE. As shown in fig. 9, the method of the present embodiment may include:
S901, the access terminal sends a smart card instruction set to the data transmission auxiliary system. Correspondingly, the data transmission auxiliary system receives the smart card instruction set.
The smart card instruction set comprises N instructions.
S902, the data transmission auxiliary system disassembles the N instructions from the smart card instruction set according to a preset sequence.
S903, the data transmission auxiliary system sends the nth instruction to the SE according to a preset sequence. Accordingly, the SE receives the nth instruction.
Wherein n is an integer greater than 0 and less than or equal to N.
S904, the SE sends a response to the nth instruction to the data transmission auxiliary system. Accordingly, the data transmission assistance system receives a response of the SE to the nth instruction.
S905, the data transmission auxiliary system feeds back the responses of the N instructions to the access terminal. Correspondingly, the access terminal receives the responses of the N instructions sent by the data transmission auxiliary system.
Steps S903 and S904 are executed in a loop N times, so that all N instructions are transmitted to the SE and the SE's responses are obtained; step S905 is then executed, in which the N pieces of response information are transmitted to the access terminal at one time.
The specific implementation manner and technical effects of each step in this embodiment may refer to the foregoing embodiments, and will not be described in detail.
Fig. 10 is a schematic structural diagram of a data transmission auxiliary device according to an embodiment of the present application. As shown in fig. 10, the data transmission assisting apparatus 1000 of the present embodiment includes: a receiving module 1001 and a transmitting module 1002.
A receiving module 1001, configured to receive a data packet sent by a server through a secure channel, and to receive the key of the temporary secure channel sent by the server through the secure channel.
A sending module 1002, configured to send the data packet to the SE through the temporary secure channel by using the key of the temporary secure channel.
Optionally, when receiving a data packet sent by the server through the secure channel, the receiving module 1001 is specifically configured to: record the breakpoint if an interruption occurs while receiving the data packet sent by the server through the secure channel. The sending module 1002 is further configured to send the breakpoint to the server, so that the server continues to send the data packet according to the breakpoint. The receiving module 1001 is further configured to receive the data packet that the server continues to send according to the breakpoint.
Optionally, the data packet includes an application update data packet. The receiving module 1001 is further configured to: receive application version information corresponding to the application update data packet sent by the server through the secure channel; and acquire the application version information in the SE. The apparatus further comprises a determining module, used for determining whether the application update data packet needs to be received according to the application version information corresponding to the application update data packet and the application version information in the SE. The sending module 1002 is further configured to send an update request to the server when the determining module determines that the application update data packet is to be received, so that the server sends the application update data packet through the secure channel.
The device of the present embodiment may be used to perform the method of the data transmission auxiliary system in any of the foregoing embodiments, and its implementation principle and technical effects are similar, and will not be described herein.
Fig. 11 is a schematic structural diagram of a server according to an embodiment of the present application. As shown in fig. 11, the server 1100 of the present embodiment includes: a setup module 1101 and a transmission module 1102.
A setup module 1101, configured to establish a secure channel with the data transmission auxiliary system, and to establish a temporary secure channel between the data transmission auxiliary system and the SE.
A transmission module 1102, configured to send a data packet to the data transmission auxiliary system through the secure channel, and to send the key of the temporary secure channel to the data transmission auxiliary system through the secure channel, so that the data transmission auxiliary system sends the data packet to the SE through the temporary secure channel by using the key of the temporary secure channel.
Optionally, when sending a data packet to the data transmission auxiliary system through the secure channel, the transmission module 1102 is specifically configured to: receive the breakpoint sent by the data transmission auxiliary system, the breakpoint being recorded by the data transmission auxiliary system when an interruption occurs while it is receiving the data packet sent by the server through the secure channel; and continue to send the data packet according to the breakpoint.
Optionally, the data packet includes an application update data packet. The transmission module 1102 is further configured to: transmit application version information corresponding to the application update data packet to the data transmission auxiliary system through the secure channel, so that the data transmission auxiliary system determines whether the application update data packet needs to be received according to the application version information corresponding to the application update data packet and the application version information in the SE; and receive an update request sent by the data transmission auxiliary system, wherein the update request is sent to the server by the data transmission auxiliary system when the data transmission auxiliary system determines to receive the application update data packet.
The server of the present embodiment may be used to execute the method of the server of any of the foregoing embodiments, and its implementation principle and technical effects are similar, and will not be described herein.
Fig. 12 is a schematic structural diagram of another data transmission auxiliary device according to an embodiment of the present application. As shown in fig. 12, the data transmission assisting apparatus 1200 of the present embodiment includes: a receiving module 1201, a disassembling module 1202 and a transmitting module 1203.
The receiving module 1201 is configured to receive a smart card instruction set sent by the access terminal, where the smart card instruction set includes N instructions and N is an integer greater than 0; the disassembling module 1202 is configured to disassemble the N instructions from the smart card instruction set according to a preset sequence; the sending module 1203 is configured to send the N instructions to the SE one by one according to the preset sequence; the receiving module 1201 is further configured to receive the responses of the SE to the N instructions one by one according to the preset sequence, the (n+1)th instruction being sent after the response of the SE to the nth instruction is received, where n is an integer greater than 0 and less than N; the sending module 1203 is further configured to feed back the responses to the N instructions to the access terminal.
The device of the present embodiment may be used to perform the method of the data transmission auxiliary system in any of the foregoing embodiments, and its implementation principle and technical effects are similar, and will not be described herein.
Fig. 13 is a schematic structural diagram of an access terminal according to an embodiment of the present application. As shown in fig. 13, the access terminal 1300 of the present embodiment includes: a transmit module 1301 and a receive module 1302.
The transmitting module 1301 is configured to transmit a smart card instruction set to the data transmission auxiliary system, where the smart card instruction set includes N instructions, where N is an integer greater than 0, so that the data transmission auxiliary system transmits the N instructions to the SE one by one according to a preset sequence.
The receiving module 1302 is configured to receive responses of N instructions sent by the data transmission auxiliary system, where the responses of the N instructions are responses of the SE to the N instructions.
The access terminal of the present embodiment may be used to execute the method of the access terminal in any of the foregoing embodiments; its implementation principle and technical effects are similar and are not repeated here.
Fig. 14 is a schematic structural diagram of a terminal device according to an embodiment of the present application. As shown in fig. 14, the terminal device 1400 of the present embodiment includes: an SE 1401 and a data transmission auxiliary system 1402.
The data transmission assisting system 1402 may be configured as shown in fig. 3 or fig. 4 or fig. 10 or fig. 12.
The present application also provides a computer readable storage medium storing a computer program which, when executed by a processor, implements a method as in any of the above embodiments.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present application and do not limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A data transmission assisting system for connecting a security chip SE, comprising: a transmission control module, an operation module, an interface conversion module, a power supply module and a storage module;
the transmission control module is connected with the SE and is used for carrying out data transmission between the external equipment and the SE based on a preset communication rule;
the operation module is connected with the transmission control module and is used for processing the data transmitted by the transmission control module;
the storage module is connected with the transmission control module and is used for storing the data transmitted by the transmission control module;
the interface conversion module is connected with the transmission control module and is used for connecting with host equipment of the SE so as to realize direct data transmission between the SE and the host equipment; the interface conversion module is used for realizing conversion between the SE interface and at least one terminal interface of the Internet of things, and the terminal interface of the Internet of things comprises an SPI interface, an I2C interface and a CAN interface;
the power supply module is used for providing stable voltage for the data transmission auxiliary system and the SE;
the power module includes: a power supply module and a voltage stabilizing module; the power supply module is connected with the voltage stabilizing module and is used for supplying power; the voltage stabilizing module is used for converting the voltage provided by the power supply module into stable voltage;
the data transmission auxiliary system is used for executing the following method steps:
receiving a data packet sent by a server through a secure channel;
receiving a key of a temporary secure channel sent by a server through the secure channel;
and transmitting the data packet to the SE through the temporary secure channel by utilizing the key of the temporary secure channel.
2. The system of claim 1, wherein the receiving the data packet sent by the server through the secure channel comprises:
if an interruption occurs in the process of receiving the data packet sent by the server through the secure channel, recording a breakpoint;
sending the breakpoint to the server, so that the server continues to send the data packet according to the breakpoint;
and receiving the data packet that the server continues to send according to the breakpoint.
3. The system according to claim 1 or 2, wherein the data packet comprises: an application update data packet;
the method steps further include:
receiving application version information corresponding to the application update data packet sent by a server through a secure channel;
acquiring application version information in the SE;
determining whether the application update data packet needs to be received according to the application version information corresponding to the application update data packet and the application version information in the SE;
and if it is determined that the application update data packet is to be received, sending an update request to the server so that the server sends the application update data packet through the secure channel.
4. The system of claim 1, wherein the data transmission auxiliary system receives a smart card instruction set sent by the access terminal, the smart card instruction set including N instructions, N being an integer greater than 0;
disassembling the N instructions from the smart card instruction set according to a preset sequence;
sending the N instructions to the SE one by one according to the preset sequence;
receiving the responses of the SE to the N instructions one by one according to the preset sequence;
after receiving the response of the SE to the nth instruction, transmitting the (n+1)th instruction, wherein n is an integer greater than 0 and less than N;
and feeding back the responses of the N instructions to the access terminal.
5. A data transmission assisting method, applied to a server, comprising:
establishing a secure channel with the data transmission auxiliary system according to claim 1;
transmitting a data packet to a data transmission auxiliary system through a secure channel;
establishing a temporary secure channel between the data transmission auxiliary system and the SE;
and sending a key of the temporary secure channel to the data transmission auxiliary system through the secure channel, so that the data transmission auxiliary system sends the data packet to the SE through the temporary secure channel by utilizing the key of the temporary secure channel.
6. The method of claim 5, wherein said sending the data packet to the data transmission auxiliary system via the secure channel comprises:
receiving a breakpoint sent by a data transmission auxiliary system, wherein the breakpoint is recorded when the data transmission auxiliary system is interrupted in the process of receiving a data packet sent by a server through a secure channel;
and continuing to send the data packet according to the breakpoint.
7. The method according to claim 5 or 6, wherein the data packet comprises: an application update data packet;
the method further comprises the steps of:
transmitting application version information corresponding to the application update data packet to a data transmission auxiliary system through a secure channel, so that the data transmission auxiliary system determines whether the application update data packet needs to be received according to the application version information corresponding to the application update data packet and the application version information in SE;
and receiving an update request sent by the data transmission auxiliary system, wherein the update request is sent to a server by the data transmission auxiliary system when the data transmission auxiliary system determines to receive the application update data packet.
8. A data transmission assisting method, comprising:
the server sending an application upgrade notification to the data transmission auxiliary system according to claim 1;
the data transmission auxiliary system receives an application upgrading notification;
the server establishes a secure channel with the data transmission auxiliary system;
the server sends the latest application version number and the signature to the data transmission auxiliary system;
the data transmission auxiliary system receives the latest application version number and the signature;
the data transmission auxiliary system acquires the application version number and the signature local to the SE;
the data transmission auxiliary system judges whether the latest application version number and the signature are consistent with the application version number and the signature local to the SE;
if the latest application version number and the signature are inconsistent with the application version number and the signature local to the SE, an update request is sent to the server;
the server receives an update request;
the server sends an application update data packet to the data transmission auxiliary system through the secure channel;
the data transmission auxiliary system receives the application update data packet;
if an interruption occurs, the data transmission auxiliary system records a breakpoint;
the data transmission auxiliary system sends the breakpoint to the server;
the server receives the breakpoint;
the server reestablishes the secure channel and continues to send the data packet according to the breakpoint;
the data transmission auxiliary system continues to receive application update data packets;
after the transmission is completed, the data transmission auxiliary system sends a transmission completion notification to the server;
the server receives the transmission completion notification;
the server establishes a temporary secure channel between the data transmission auxiliary system and the SE;
the server sends the session key of the temporary secure channel to the data transmission auxiliary system;
the data transmission auxiliary system receives the session key of the temporary secure channel;
the data transmission auxiliary system sends a data packet to the SE through the temporary secure channel by utilizing the key of the temporary secure channel;
and the data transmission auxiliary system feeds back an upgrading result to the server.
9. A terminal device, comprising: SE, a data transmission assistance system according to claim 1.
10. A computer readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method according to any of claims 5-8.
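The version check and breakpoint resume of claims 2, 3 and 8, as an added example that is not code from the patent. It assumes the "signature" is a SHA-256 digest of the package and that a breakpoint is a byte offset; the server-side offset check and the final digest check are hardening added here, and the secure-channel cryptography is left out.

```python
import hashlib
import hmac

CHUNK = 4  # tiny chunk size so the constructed sample spans several chunks
SAMPLE_PACKAGE = b"APPLET-V2!"  # constructed sample update package


class Server:
    """Constructed stand-in for the update server."""

    def __init__(self, version: str, package: bytes):
        self.version, self.package = version, package
        self.signature = hashlib.sha256(package).digest()  # assumed: a digest

    def send_from(self, offset: int):
        """Yield chunks starting at the breakpoint reported by the client."""
        # Added hardening: never trust a client-supplied offset.
        if not 0 <= offset <= len(self.package):
            raise ValueError("breakpoint out of range")
        for off in range(offset, len(self.package), CHUNK):
            yield self.package[off:off + CHUNK]


def needs_update(server: Server, se_version: str, se_signature: bytes) -> bool:
    """Request an update only if version or signature differ from the SE's."""
    same_sig = hmac.compare_digest(server.signature, se_signature)
    return not (server.version == se_version and same_sig)


def download(server: Server, drop_after_chunks=()) -> tuple[bytes, list[int]]:
    """Receive the package, resuming from the recorded breakpoint after each
    interruption. drop_after_chunks simulates link failures (constructed)."""
    received, breakpoints = bytearray(), []
    drops = list(drop_after_chunks)
    while True:
        interrupted = False
        for i, chunk in enumerate(server.send_from(len(received)), start=1):
            received += chunk
            if drops and i == drops[0]:
                drops.pop(0)
                breakpoints.append(len(received))  # record the breakpoint
                interrupted = True
                break  # channel lost; the next pass resumes from the breakpoint
        if not interrupted:
            break
    # Added check: the reassembled package must match the announced signature
    # before anything is forwarded to the SE.
    digest = hashlib.sha256(received).digest()
    if not hmac.compare_digest(digest, server.signature):
        raise ValueError("package does not match announced signature")
    return bytes(received), breakpoints
```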
CN202010843084.0A 2020-08-20 2020-08-20 Data transmission assisting method, system, terminal device and storage medium Active CN111898151B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010843084.0A CN111898151B (en) 2020-08-20 2020-08-20 Data transmission assisting method, system, terminal device and storage medium

Publications (2)

Publication Number Publication Date
CN111898151A CN111898151A (en) 2020-11-06
CN111898151B CN111898151B (en) 2024-03-29

Family

ID=73230056

Country Status (1)

Country Link
CN (1) CN111898151B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant